raspiblitz: WebUI: Password is wrong

Hello,

refering to https://github.com/rootzoll/raspiblitz/issues/3145, I currently have the exact same problem: if I go to the WebUI and enter my password A, I get the error An error occured: Password is wrong

The password is definitely the correct one. Journal output:

Jul 30 10:54:42 raspberrypi python[822]: INFO: 127.0.0.1:47570 - "POST /system/login HTTP/1.0" 401 Unauthorized

₿ /home/admin/config.scripts/blitz.passwords.sh check a "XXXXXXXXX"
# salt file exists
# hashedPasswordSalt(XXXXXXXXXX)
# first try within last minute - respond fast
correct=1

About this issue

Original URL
State: closed
Created 2 years ago
Reactions: 3
Comments: 16

Most upvoted comments

Do you have Special characters in your password A?

Yes, a minus and a point. I now changed it to only upper/lowercase+digits and login works now. Thanks for the hint!

net47 on Jul 30, 2022

@cstenglein will we update the password policy in the WebUI to also math the old SSH ruleset of including “-._” or is this an API thing?

From a quick look at the code, I do think this is an API thing too.

It looks like the API uses the same alphanum-only regex as the WebUI when checking a password upon login.

I’ll open PRs for the WebUI and the API so that we can see if this fixes it.

Edit:

Here’s the PRs:

https://github.com/fusion44/blitz_api/pull/141/: Should fix this issue–the user seems to already have a password (with - and/or .) but the API won’t accept it.
https://github.com/cstenglein/raspiblitz-web/pull/418: This is related and, while probably not the cause of this specific issue, aligns the WebUI password regex with that of the Raspiblitz.

ghost on Aug 5, 2022

@cstenglein this is the line in the SSH script setting the password: https://github.com/rootzoll/raspiblitz/blob/b20293a0c90f531477774c9a810b5491c81d0166/home.admin/config.scripts/blitz.passwords.sh#L218

So as special chars its: - & . that should be also allowed.

rootzoll on Aug 3, 2022